package com.example.electricbicycle.controller;

import com.example.electricbicycle.po.User;
import utils.DBUtils;

import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.*;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;

@WebServlet("/changePassword")
public class ChangePasswordServlet extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // 检查用户是否登录
        HttpSession session = request.getSession();
        User currentUser = (User) session.getAttribute("currentUser");

        if (currentUser == null) {
            response.sendRedirect(request.getContextPath() + "/login.jsp");
            return;
        }

        // 设置会话超时时间为30分钟
        session.setMaxInactiveInterval(30 * 60);

        // 转发到修改密码页面
        request.getRequestDispatcher("/change_password.jsp").forward(request, response);
    }

    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        HttpSession session = request.getSession();
        User currentUser = (User) session.getAttribute("currentUser");

        if (currentUser == null) {
            response.sendRedirect(request.getContextPath() + "/login.jsp");
            return;
        }

        // 设置会话超时时间为30分钟
        session.setMaxInactiveInterval(30 * 60);

        String currentPassword = request.getParameter("currentPassword");
        String newPassword = request.getParameter("newPassword");
        String confirmPassword = request.getParameter("confirmPassword");

        // 验证输入
        if (currentPassword == null || currentPassword.isEmpty() ||
                newPassword == null || newPassword.isEmpty() ||
                confirmPassword == null || confirmPassword.isEmpty()) {
            session.setAttribute("error", "所有字段都必须填写");
            response.sendRedirect(request.getContextPath() + "/change_password.jsp");
            return;
        }

        if (!newPassword.equals(confirmPassword)) {
            session.setAttribute("error", "新密码和确认密码不匹配");
            response.sendRedirect(request.getContextPath() + "/change_password.jsp");
            return;
        }

        // 验证当前密码是否正确
        if (!currentPassword.equals(currentUser.getPassword())) {
            session.setAttribute("error", "当前密码不正确");
            response.sendRedirect(request.getContextPath() + "/change_password.jsp");
            return;
        }

        // 更新密码
        try (Connection conn = DBUtils.getConnection()) {
            String sql = "UPDATE user SET password = ? WHERE id = ?";

            try (PreparedStatement pstmt = conn.prepareStatement(sql)) {
                pstmt.setString(1, newPassword);
                pstmt.setInt(2, currentUser.getId());

                int rowsAffected = pstmt.executeUpdate();

                if (rowsAffected > 0) {
                    // 更新session中的用户对象
                    currentUser.setPassword(newPassword);
                    session.setAttribute("currentUser", currentUser);

                    // 设置成功消息
                    session.setAttribute("success", "密码修改成功！");
                    response.sendRedirect(request.getContextPath() + "/login.jsp");
                } else {
                    session.setAttribute("error", "密码修改失败，请重试");
                    response.sendRedirect(request.getContextPath() + "/change_password.jsp");
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
            session.setAttribute("error", "系统错误，密码修改失败");
            response.sendRedirect(request.getContextPath() + "/change_password.jsp");
        }
    }
}